Senior Vulnerability Management Engineer

Tekfortune Inc.

Irvine, CA

JOB DETAILS
SKILLS
Amazon Web Services (AWS), Analysis Skills, Application Programming Interface (API), Atlassian JIRA, Authentication, Automation, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Cloud Applications, Cloud Computing, Communication Skills, Computer Networks, Computer Security, Continuous Deployment/Delivery, Continuous Improvement, Continuous Integration, DMZ, Detail Oriented, DevOps, Establish Priorities, External Audit, HIPAA (Health Insurance Portability and Accountability Act), ISO (International Organization for Standardization), Internal Audit, Internet Security, Leadership, Mentoring, Metrics, Microsoft Windows Azure, PCI-DSS, Product Lifecycle, Project/Program Management, Python Programming/Scripting Language, Reporting Dashboards, Risk, Sarbanes-Oxley Act (SOX), Scripting (Scripting Languages), Security Auditing, Security Information and Event Management (SIEM), Service Level Agreement (SLA), ServiceNow, Splunk, Technical Leadership, Time Management, U.S. National Institute of Standards and Technology (NIST), Vulnerability Scanners, Windows PowerShell
LOCATION
Irvine, CA
POSTED
3 days ago
Job Title: Senior Vulnerability Management Engineer
Location: Onsite-Irvine / Remote
Experience: 8-12+ years in Cybersecurity, with strong hands-on Vulnerability Management experience
_______________________________
Role Overview
We are seeking a Senior Vulnerability Management Engineer to lead and mature the organization's vulnerability management program. This role requires deep hands-on expertise with Rapid7 InsightVM, risk-based prioritization, remediation governance, and collaboration with infrastructure, cloud, and application teams. The ideal candidate will drive vulnerability reduction through automation, intelligent prioritization, and strong stakeholder engagement.
________________________________________
Key Responsibilities
Vulnerability Management & Risk Prioritization
• Own and manage the end-to-end vulnerability management lifecycle using Rapid7 InsightVM.
• Conduct authenticated vulnerability scanning across on-prem, cloud (AWS/Azure), External, and DMZ assets.
• Analyze vulnerabilities using CVSS v3, Rapid7 Real Risk Score, exploitability, and asset criticality.
• Identify and escalate Critical vulnerabilities, including Zero-Day and KEV-listed exposures.
• Define and enforce Vulnerability Prioritization & SLA models (Critical, High, Medium, Low).
________________________________________
Remediation & Stakeholder Collaboration
• Partner with Infrastructure, Cloud, DevOps, and Application teams to drive timely remediation.
• Create and manage remediation projects within Rapid7.
• Validate fixes through rescans and evidence collection.
• Support risk acceptance workflows, ensuring business justification and governance approvals.
________________________________________
Dashboards, Reporting & Metrics
• Build executive-level dashboards and reports showing:
  o Total vulnerabilities
  o Critical/High trends
  o MTTR and SLA compliance
  o Risk score reduction
• Provide audit-ready reporting for PCI DSS, SOX, HIPAA, ISO 27001, and NIST.
• Track KPIs such as vulnerability aging, repeat findings, and remediation velocity.
________________________________________
Automation & Integration
• Integrate Rapid7 with ServiceNow for automated ticket creation and SLA tracking.
• Use Python, PowerShell, or APIs to automate vulnerability workflows and reporting.
• Embed vulnerability scanning into CI/CD pipelines to support DevSecOps practices.
________________________________________
Cloud & Infrastructure Security
• Assess vulnerabilities in AWS/Azure workloads including compute, networking, IAM, and storage.
• Review cloud misconfigurations and coordinate remediation with cloud teams.
• Ensure proper tagging and asset classification for accurate risk scoring.
________________________________________
Governance & Continuous Improvement
• Maintain vulnerability management policies, standards, and procedures.
• Lead continuous improvement initiatives to reduce false positives and scanning gaps.
• Provide mentoring and technical guidance to junior analysts and engineers.
• Support internal and external security audits.
________________________________________
Required Skills & Qualifications
Technical Skills
• Strong hands-on experience with Rapid7 InsightVM / Nexpose
• Deep understanding of CVSS v3, exploit intelligence, and risk-based prioritization
• Experience with Zero-Day, KEV, and threat intelligence integration
• Cloud security experience in AWS and/or Azure
• Familiarity with SIEM tools (Splunk, QRadar) for correlation and validation
• Automation and scripting skills (Python, PowerShell, APIs)
• Ticketing and workflow integration with ServiceNow / JIRA
________________________________________
Frameworks & Compliance
• NIST CSF / NIST 800-53 / ISO 27001
• PCI DSS, SOX, HIPAA (as applicable)
• Secure SDLC and DevSecOps principles
________________________________________
Soft Skills
• Strong communication and stakeholder management
• Ability to translate vulnerability risk into business impact
• Leadership and mentoring capabilities
• Detail-oriented with strong analytical skills
________________________________________
Preferred Certifications
• CISSP / CISM
• CCSK / AWS or Azure Security certifications
• Rapid7 InsightVM experience preferred
________________________________________
Success Measures
• Reduction in Critical and High vulnerabilities
• Improved MTTR and SLA compliance
• Accurate risk prioritization with fewer false positives
• Measurable reduction in organizational risk score
• Positive audit and compliance outcomes

About the Company

Tekfortune Inc.

Tekfortune is a software solutions company providing project development and staff augmentation services to companies in various industries including Healthcare, Banking, Finance, Telecommunication and Aviation.

Tekfortune Inc delivers solutions to a wide variety of organizations of various sizes and industries. Our clients include mid-market to Fortune 1000 companies spanning across industries such as: Insurance, Financial, Pharmaceutical, Manufacturing, Retail and many others.

At Tekfortune Inc, we offer a selection of services and solutions at very reasonable rates. With years of experience in the placement and recruitment industry, we have acquired the knowledge essential to comprehend the exact needs and dependencies of customers. We therefore provide customers with the best and brightest candidates for their vacancies. Moreover, by understanding the working interests of customers, we are able to place them within companies where they can get the maximum opportunity for professional growth.

Tekfortune Inc has a strong emphasis on quality. Its goal is to achieve client satisfaction by making deliveries that satisfy customers' business needs. Our ability to quickly identify and effectively employ proven fundamental principles, techniques and resources yields highly desirable results for our clients.

We understand that each industry and organization share a level of uniqueness that requires a tailored approach in order to deliver specific solutions. Such factors as client culture, industry regulations, organizational maturity, financial health and many more items may impact our approach to delivering client solutions.

Having served a wide variety of clients has provided Tekfortune the ability to build subject matter expertise across numerous industries. Our industry expertise combined with our specialized knowledge of Business Process Improvement, Requirements Management and Program & Project Management provides a powerful combination and a tremendous value to our clients.

We are run by a group of industry experts who have decades of experience in delivering custom solutions to our clients.
COMPANY SIZE
20 to 49 employees
INDUSTRY
Computer Software
FOUNDED
2014
WEBSITE
http://www.tekfortune.com/